SAML token mediator site authenticators
Security Assertion Markup Language (SAML) token mediator site authenticators use the PingFederate Security Token Service (STS) to exchange a PingAccess token for a SAML token that is valid at the target site.
The following table describes the fields available for managing SAML token mediator site authenticators on the New Site Authenticator page.

Field | Description |
---|---|
Token Generator ID | Defines the Instance Name of the token generator that you want to use. The token generator is configured in PingFederate. For more information, see Managing token generators in the PingFederate documentation. If PingFederate administration is configured, and PingFederate has one or more token generators configured, this field becomes a list of available token generator IDs. |
Logged In Cookie Name | Defines the cookie name containing the token that the target site is expecting. |
Logged In Header Name | Defines the header name containing the token that the target site is expecting. You must enter a valid header name per RFC 7230. |
Logged Off Cookie Name | Defines the cookie name that the target site responds with in the event of an invalid or expired token. If the PingAccess token is still valid, PingAccess re-obtains a valid SAML token and makes the request to the site again. If the site responds with the cookie set as logged off again, PingAccess responds to the client with an |
Logged Off Cookie Value | Defines the value placed in the Logged Off cookie to detect an invalid or expired SAML token event. |

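
The retry behaviour that the Logged Off Cookie Name and Logged Off Cookie Value fields control, modelled as an added example (this is not PingAccess code). It assumes the token travels in the Logged In cookie and that the PingAccess token has already been validated; `MediatorConfig`, `SiteResponse`, `mediate`, `exchange`, `send` and the outcome labels are hypothetical names, and the response sent to the client after a second rejection is a generic label because this page does not state it.

```python
# Added illustration of the Logged Off cookie handling described above.
# Not PingAccess code: every class, function and outcome label is hypothetical.
from dataclasses import dataclass, field
from typing import Dict, Tuple


@dataclass
class MediatorConfig:
    logged_in_cookie_name: str    # cookie in which the site expects the token
    logged_off_cookie_name: str   # cookie the site sets when it rejects the token
    logged_off_cookie_value: str  # value that marks the rejection


@dataclass
class SiteResponse:
    status: int
    set_cookies: Dict[str, str] = field(default_factory=dict)


def is_logged_off(cfg: MediatorConfig, resp: SiteResponse) -> bool:
    """Exact name and value match, so an unrelated cookie never triggers a retry."""
    return resp.set_cookies.get(cfg.logged_off_cookie_name) == cfg.logged_off_cookie_value


def mediate(cfg, exchange, send, cached_saml=None) -> Tuple[str, SiteResponse, int]:
    """Forward one request; assumes the caller already validated the PingAccess token.

    exchange() stands in for the STS token exchange, send(cookies) for the
    request to the target site. Returns (outcome, last site response, STS calls).
    """
    sts_calls = 0
    saml = cached_saml
    if saml is None:
        saml, sts_calls = exchange(), 1
    resp = send({cfg.logged_in_cookie_name: saml})
    if not is_logged_off(cfg, resp):
        return "forwarded", resp, sts_calls
    # Site rejected the SAML token: obtain a fresh one and retry exactly once.
    saml, sts_calls = exchange(), sts_calls + 1
    resp = send({cfg.logged_in_cookie_name: saml})
    if is_logged_off(cfg, resp):
        # Second rejection: stop here rather than loop against the STS and site.
        return "error_to_client", resp, sts_calls
    return "forwarded", resp, sts_calls
```

The single bounded retry is the point to check when choosing the Logged Off cookie name and value: a pair that the site also sets on ordinary responses would make every request cost a second token exchange and end in an error.
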
Advanced Settings
To configure advanced settings on a SAML token mediator site authenticator, expand the Show Advanced Settings section at the bottom of the New Site Authenticator page. These settings are optional.

Field | Description |
---|---|
Token Processor ID | Defines the instance name of a token processor that you want to use. The token processor is configured in PingFederate. Specify this value if more than one instance of either the JSON Web Token (JWT) processor or the OAuth bearer access token processor is defined in PingFederate. If PingFederate Administration is configured, and PingFederate has one or more token processors configured, this field becomes a list of available token processor IDs. |